[hasangursoy]

I use both MFA and a password manager tool for security purposes, and the account is connected to my work email.

I am pretty sure that no security flaws was the cause of this, except pushing to the private repo.

I have checked the transaction and the commit dates, which are matching perfectly. No doubt about that.

[listenallyall]

Were all the wallets part of the same Metamask account? The transfers are all a few seconds apart... they could have gotten in the front door by obtaining your Metamask password without needing any keys. Because Metamask is a hot wallet, it's always connected and easy to steal. Metamask also produces a set of words for emergency recovery -- attacker could have obtained those as well.

With that said, they stole 7 dollars. Pretty cheap lesson on security in my opinion.